Microsoft Speech API – Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input.
Threat: To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.
Criticality: High
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0985
Adobe Campaign – Arbitrary Code Execution Vulnerability
Description: Adobe has released a security update for Adobe Campaign Classic.
Threat: This update addresses a critical vulnerability that could result in arbitrary code execution.
Criticality: High
Update/Patch: https://helpx.adobe.com/security/products/campaign/apsb19-28.html
Adobe Flash Player – Arbitrary Code Execution Vulnerability
Description: Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.
Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.
Criticality: High
Update/Patch: https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
Evernote Web Clipper for Chrome – Cross-Site Scripting (XSS) Vulnerability
Description: A universal XSS vulnerability exists in Evernote Web Clipper for Chrome allows hackers to access sensitive user information.
Threat: An attacker who successfully exploited the vulnerability could bypass the browser’s same-origin policy (SOP) and execute arbitrary code on the user’s behalf.
Criticality: High
Update/Patch: https://evernote.com/security/updates
0 Comments